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Art Unit: 2435 

DETAILED ACTION 

1 . Claims 1-17 and 19-27 remain for examination. The correspondence filed 7/8/09 
amended claims 1-17 & 19-27, and cancelled claim 18. 

Continued Examination Under 37 CFR 1.114 

2. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 7/8/09 
has been entered. 

Response to Arguments 

3. Applicant's arguments with respect to claims 1-27 have been considered but are 
moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

4. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

5. Claims 1 -1 6 and 1 9-27 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over"P-Synch Installation and Configuration Guide" (hereinafter, "P- 
Synch") in view of Wong (U.S. Patent Application Publication 2005/0102534). 
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Regarding claims 1, 21, and 27: 

P-Synch discloses a method, apparatus, and article of manufacture for 
evaluating a password proposed by a user, comprising: receiving a proposed password 
from a user (page 4, "3. Users select a new password..."); and rejecting the proposed 
password based on a rule for the selection of passwords (page 4, "4. P-Synch checks 
the new password..."; cf. pages 124-126 for sample rules). 

P-Synch does not explicitly disclose performing an Internet search using a query 
containing one or more keywords derived from said proposed password, and rejecting 
the password based on the results returned by said search engine. However, it is 
observed that P-synch, while already possessing a defined set of rules to measure a 
proposed password's strength, can nevertheless be extended by allowing an admin to 
add new rules via a plugin (page 127, section 10.19.1 "Adding new rules with a plugin 
program"). Furthermore, Wang discloses a related security auditing tool including inter 
alia functionality to test passwords according to various security criteria, said 
functionality in turn including inter alia querying one or more Internet search engines to 
determine if a password can be correlated to a user according to any number of criteria 
(paragraphs 01 08-01 1 0 and 01 27). It would have been obvious to one of ordinary skill 
in the art to develop a plugin for P-Synch that implements the above functionality 
disclosed by Wong's automated password cracker to determine if a proposed new 
password can be correlated to a user, as the technique is clearly within the capabilities 
of one of ordinary skill in the art. 
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Regarding claims 2, 3, and 22: 

P-Synch further discloses wherein said one or more predefined correlation rules 
evaluate whether that said proposed password can be [qualitatively: the password is the 
username; quantitatively: the password is similar to the username] correlated with said 
user (page 126, as indicated). 

Regarding claims 4, 6, 23, and 24: 

P-Synch in view of Wong further discloses wherein said proposed password is 
comprised of a proposed answer and a proposed hint (P-Synch: the user Q&A profiles 
on pages 83 and 199-200), and wherein the proposed answer can be correlated 
with/obtained from the proposed hint in a particular relation (Wong: pars. 0108-01 10). 

Regarding claim 5: 

P-Synch further discloses wherein said particular relation is selected from the 
group consisting essentially of self, family member, co-author, teammate, colleague, 
neighbor, community member, or household member (pages 83, 199, & 200). 

Regarding claims 7 and 25: 

P-Synch further discloses wherein said proposed password is an identifying 
number (e.g. PIN number, e.g. page 6, "2.2.2 Authentication Systems"). 



Application/Control Number: 1 0/81 5,1 91 Page 5 

Art Unit: 2435 

Regarding claims 8 and 26: 

P-Synch in view of Wong further discloses wherein the rule evaluates whether 

the identifying number identifies a person in a particular relationship to the user (P- 

Synch: "Family member phone number that is not your own", pages 83 and 200; Wong: 

paragraph 0109). 

Regarding claim 9: 

P-Synch further discloses wherein said one or more pre-defined correlation rules 
evaluate whether said identifying number is a top N most commonly used identifying 
number (in the embodiment where the password is a PIN, the password history rules on 
pages 126 and 127). 

Regarding claim 10: 

P-Synch in view of Wong further discloses wherein the rule evaluates whether 
the identifying number identifies a top N commercial entity (P-Synch: "radio station dial 
number" at pages 83 and 200; Wong: paragraph 0109). 

Regarding claim 1 1 : 

P-Synch in view of Wong further discloses wherein the rule evaluates whether 
the identifying number identifies the user (P-Synch: "Your SSN", Ibid; Wong: Ibid). 
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Regarding claims 12-14: 

P-Synch further discloses wherein said identifying number is a portion of a 

telephone number, address, or social security number (pages 83 and 200). 

Regarding claim 15: 

P-Synch further discloses wherein said proposed password is a word (page 125, 
the dictionary rules). 

Regarding claim 16: 

P-Synch further discloses wherein said one or more predefined correlation rules 
evaluate whether a correlation between said word and said user exceeds a predefined 
threshold (e.g. the last two rules on page 125). 

Regarding claim 19: 

P-Synch further discloses wherein said step of ensuring a correlation further 
comprises the step of performing a local proximity evaluation (e.g. the last two rules on 
page 125, and the variants of the username on page 126). 

Regarding claim 20: 

P-Synch further discloses wherein said step of ensuring a correlation further 
comprises the step of performing a number classification (the digits rules: page 1 25). 
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6. Claim 17 is rejected under 35 U.S.C. 103(a) as being unpatentable over P-Synch 
in view of Wong as applied to claim 1 above, and further in view of "About Metacrawler" 
(hereinafter, "Metacrawler"). 

Regarding claim 17: 

Although Wong suggests searching a plurality of search engines (paragraph 
0108), neither Wong nor P-Synch explicitly disclose using a meta-search engine. 
However, Metacrawler discloses a single meta-search engine capable of searching a 
plurality of search engines (Metacrawler, entire article, but particularly the first 
paragraph). It would have been obvious to one of ordinary skill in the art to employ a 
meta-search engine like Metacrawler into the invention disclosed by Wong [or the 
combination of P-Synch with Wong], as doing so would lead to better results obtained 
significantly faster than by searching each engine separately (Metacrawler, "Better 
Search, Faster Results"). 

Conclusion 

7. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

• U.S. Patent Applications 2005/0076239 and 2002/0078386 

• U.S. Patents 7,275,258 and 5,944,825 

• "Googling Up Passwords" by Scott Granneman (see pages 2-3 for relevant 
teachings regarding automated use of a search engine for password testing) 
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8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Thomas Gyorfi whose telephone number is (571)272- 
3849. The examiner can normally be reached on 8:30am - 5:00pm Monday - Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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